Tightening the Rules FCC Moves to Strengthen “Know Your Customer” Requirements

Introduction

On May 1, 2026, the Federal Communications Commission (FCC) released a Further Notice of Proposed Rulemaking (NPRM) that proposes to strengthen and make more specific the FCC’s existing “know your customer” (KYC) obligation for originating voice service providers (the providers best positioned to stop illegal calls before they enter the network). The FCC’s stated goals are reducing illegal robocalls by preventing bad actors from obtaining origination service in the first place, improving traceability and law-enforcement access to accurate customer identity information, and reducing regulatory uncertainty by clarifying what KYC diligence should look like in practice. Comments are due 30 days after Federal Register publication and reply comments are due 60 days thereafter.  

What The FCC Proposes

1. Minimum Customer Identification Data at Onboarding: The FCC seeks comment on requiring originating providers to collect and retain, at a minimum, certain core identifiers for new and renewing customers before granting access to originate calls. The NPRM frames this as filling the “gap” between today’s general “affirmative, effective measures” standard and the more rigorous steps the FCC believes are necessary. The baseline data the FCC discusses includes name, physical address, a government-issued identification number, and an alternate telephone number.
2. Enhanced, Risk-Based KYC for Higher Risk Customers: For high-volume customers and related categories such as business and foreign customers, the FCC seeks comment on requiring additional information. Examples the FCC raises include the intended use of the service and the IP address from which each call will be placed (where applicable). The NPRM also explores whether the FCC should exclude certain “addresses” (e.g., virtual offices, shared offices without dedicated space, P.O.  boxes, mail-forwarding services, and hosted servers) from qualifying as a “physical address,” given their use by bad actors to obscure identity.
3. Verification, Re-Verification, and Record Retention: The FCC is focused not just on collecting data, but verifying and maintaining it. It is seeking comment on requiring originating providers to obtain records to confirm customer identity—such as government ID and, for higher-volume or business customers, formation documents, good standing, active phone verification, address corroboration, and proof of commercial presence. The NPRM also discusses “red flags” that could trigger heightened scrutiny and/or re-verification requirements (e.g., suspicious addresses, thin or newly created web presence, suspicious emails, inconsistencies between claimed location and where traffic appears to originate, non-traceable payment methods like cryptocurrency). On retention, the FCC seeks comment on requiring providers to keep KYC information and supporting records for four years after termination of the customer relationship, tying that to a discussed four-year limitations period for certain intentional/spoofing/TCPA-related misconduct.

Enforcement Proposal: Per-Call KYC Forfeitures & Client Impact

The NPRM proposes to strengthen enforcement by assessing penalties for KYC violations on a per-call basis. Specifically, it proposes codifying a $2,500 per-call base forfeiture amount for KYC violations.

What This Means for Clients

These proposed changes signal a shift toward more rigorous, ongoing identity verification obligations for providers. If adopted, companies may need to enhance onboarding processes, collect and maintain more detailed customer records, and implement controls to continuously validate customer information over time. This could increase compliance costs and operational complexity—particularly for businesses with high-volume or international customers—but also raises the stakes for getting it wrong, given the potential for per-call penalties. Companies should begin assessing their current KYC and recordkeeping practices now to identify gaps and prepare for a more structured, enforcement-focused regulatory environment.

Scale’s Corporate & Securities Team

Scaleʼs Our Corporate & Securities team advises companies at the intersection of innovation and regulation. We work with telecommunications providers, infrastructure companies, and technology platforms to navigate complex federal and state frameworks, execute strategic transactions, and manage day-to-day regulatory demands.